Services management
The LORIX OS, as every advanced operating system, has a few services running all the time to ensure features support (SSH service for example). In the Linux world, a service is often called a daemon and represents simply a process which is running for a long period of time in background.
In this documentation, we will keep the term "service" as it's more generic.
The service management in LORIX OS is the responsibility of OpenRC, a dependency-based init system.
We made this choice because OpenRC is a great trade off between SysVinit (a System V style init programs, light and simple with very limited features) and systemd (huge memory consumption and providing a lot of features).
From the Wikipedia's page about OpenRC:
"OpenRC is the default init system of Gentoo, Alpine Linux, Hyperbola GNU/Linux-libre, Parabola GNU/Linux-libre, Artix Linux, Maemo Leste, TrueOS and other unix-like systems, while some others such as Devuan offer it as an option."
OpenRC provides among other things the following features:
- Multiple runlevels which represent the life cycles of the system (boot, sysinit, default, ...)
- Complex dependencies support between services
- Optional process monitoring for particular services which need to be monitored and restarted in case of failure
- Powerful utils to:
- Show status of the services
- Start/stop/restart a service
- Enable/disable service start at boot
Service start/stop vs enable/disable
Prior to further explanation, it's important to understand these two different concepts in OpenRC, starting or stopping a service and enabling/disabling it:
- start/stop
A service which is available on the system can be started, restarted or stopped.
This concept is quite simple and the service's process will be started or stopped following the OpenRC command invoked. - enable/disable
On the other hand, enabling/disabling a service is related to its installation making it available at boot for a given runlevel and thus making it to start automatically.
No relation
Both part are not related, we can for example install a service (enable) in the runlevel default without making it running for the current session or we can start a service immediately without making it start at boot.
Start/stop is more related to the current session (volatile state) and enable/disable more related to any time (persistent state).
Architecture
An OpenRC's service is represented by a special script, they are all located under /etc/openrc.d/, their pending optional configuration files are under /etc/conf.d/.
For example, the service getty.ttyS0 has a script /etc/openrc.d/getty.ttyS0 and is loaded with the configuration script /etc/conf.d/getty.ttyS0 on execution.
Once a service has been enabled, a symbolic link is created from the /etc/openrc.d/<service> to /etc/runlevels/<boot|default|no|shutdown|sysinit>/<service>.
Services status
General overview
The command rc-status displays the current status of system services.
rc-statusResult example:
lorix-one-aabbcc:~$ rc-status
Runlevel: default
dbus [ started ]
busybox-syslogd [ started ]
pmonitord [ started 01:22:46 (0) ]
sshd [ started ]
busybox-klogd [ started ]
iptables [ started ]
ip6tables [ started ]
NetworkManager [ started ]
avahi-daemon [ started ]
watchdog [ started ]
chronyd [ started ]
crond [ started ]
managerd [ started 01:22:46 (0) ]
local [ started ]
getty.ttyGS0 [ started 01:22:37 (0) ]
getty.ttyS0 [ started 01:10:13 (1) ]
Dynamic Runlevel: hotplugged
Dynamic Runlevel: needed/wanted
Dynamic Runlevel: manualBy default a service is not supervised, which means that in case of a crash it will not be restarted. For services which need to be restarted (e.g.: vital for the system), OpenRC provides also a supervision possibility.
When a service is supervised, the up time of the service and its restart count is displayed by the rc-status command (like the managerd, getty.ttyGS0, etc as showed above).
Getting the status of a specific service
To retrieve the actual status of an existing service, the command rc-service can be used:
rc-service iptables statuslorix-one-aabbcc:~$ rc-service iptables status
* status: started
lorix-one-aabbcc:~$ rc-service inexisting-service status
* rc-service: service `inexisting-service' does not existStart/stop
Some of the LORIX OS services are vital to the proper functioning of the system and should not be stopped or the system could become non-functional.
Never stop a native service unless you know exactly what you are doing.
Start
To start a service, a valid script file (with executable rights) must be existing in the directory /etc/openrc.d/<service name>, then the following command can be used:
sudo rc-service <service name> startlorix-one-aabbcc:~$ sudo rc-service iptables start
iptables | * Loading iptables state and starting firewall ... [ ok ]Stop
To stop a service, the command rc-service also applies:
sudo rc-service <service name> stoplorix-one-aabbcc:~$ sudo rc-service iptables stop
iptables | * Stopping firewall ... [ ok ]Restart
To restart a service, the command rc-service also applies:
sudo rc-service <service name> restartlorix-one-aabbcc:~$ sudo rc-service iptables restart
iptables | * Stopping firewall ... [ ok ]
iptables | * Loading iptables state and starting firewall ... [ ok ]Enable/disable a service at boot
As previously explained, starting a service doesn't mean it will be started automatically on next boot. Also, enabling a service to be started at next boot doesn't mean it will immediately start.
This section describes how to enable/disable a service at boot.
Some of the LORIX OS services are vital to the proper functioning of the system and should not be disabled or the system could become non-functional upon next reboot.
Never disable a native service unless you know exactly what you are doing.
Show enabled services
The command rc-update without argument can be used to display all the enabled services and their corresponding runlevels:
rc-updatelorix-one-aabbcc:~$ rc-update
NetworkManager | default
alignment | sysinit
avahi-daemon | default
binfmt | boot
bootmisc | boot
busybox-klogd | default
busybox-syslogd | default
cgroups | sysinit
chronyd | default
crond | default
dbus | default
devfs | sysinit
dmesg | sysinit
fsck | boot
getty.ttyGS0 | default
getty.ttyS0 | default
hostname | boot
hwclock | boot
ip6tables | default
iptables | default
killprocs | shutdown
local | default no
localmount | boot
loopback | boot
managerd | default
modules | boot
mount-ro | shutdown
mtab | boot
pmonitord | default
procfs | boot
reset-lgw | sysinit
root | boot
savecache | shutdown
ssh-key | boot
sshd | default
stopstatusled | shutdown
swap | boot
sysctl | boot
sysfs | sysinit
udev | sysinit
urandom | boot
volatiles | boot
watchdog | defaultThe previous result shows that for example, the service iptables (firewall for IPv4) is started at runlevel default.
Enable service auto-start at boot
The service to be installed needs a script in the directory /etc/openrc.d. Once this script exists, you can enable it (install it for boot) using the command rc-update:
sudo rc-update add <service name> <runlevel>lorix-one-aabbcc:~$ sudo rc-update add iptables default
* service iptables added to runlevel defaultThe available runlevels are:
- sysinit
Initial system init, you probably never need to add a service in this runlevel. - boot
Early program start and basic configuration. Most of the time, it concerns program which should never be stopped and are required by the default runlevel.
You most likely don't need service in this runlevel. - default
The main runlevel which contains most of the services. This is most likely in this runlevel you would like to add your own. - nonetwork
Existing but not used by LORIX OS runlevel - shutdown
Service which should be executed only a shutdown moment.
The runlevel argument is optional and the default runlevel will be used if not specified.
Disable service auto-start at boot
To disable auto-start at boot for a particular service, the command rc-update is also used:
sudo rc-update del <service name> <runlevel>lorix-one-aabbcc:~$ sudo rc-update del iptables default
* service iptables removed from runlevel defaultThe runlevel argument is optional and the service will be disabled from all enabled runlevels if not specified.